| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87mx17du3w.fsf@tucsk.pomaz.szeredi.hu>
Date: Mon, 03 Sep 2012 17:05:55 +0200
From: Miklos Szeredi <miklos@...redi.hu>
To: sedat.dilek@...il.com
Cc: viro@...iv.linux.org.uk, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org, hch@...radead.org,
torvalds@...ux-foundation.org, akpm@...ux-foundation.org,
apw@...onical.com, nbd@...nwrt.org, neilb@...e.de,
jordipujolp@...il.com, ezk@....cs.sunysb.edu, ricwheeler@...il.com,
dhowells@...hat.com, hpj@...la.net, sedat.dilek@...glemail.com,
penberg@...nel.org, goran.cetusic@...il.com, romain@...bokech.com
Subject: Re: [PATCH 08/13] fs: limit filesystem stacking depth
Sedat Dilek <sedat.dilek@...il.com> writes:
>>
>> Yes, setting it to 2 is defensive, it would need more stack depth
>> analysis to see what an acceptable number would be.
>>
>
> Can you describe such an analysis method (in case you need help for
> testing it)?
I attached a systemtap script (x86-64 specific) which prints stack use
for stacked overlayfs filesystems. Interpret output like this:
7288 0 ovl_lookup (bash/5721)
^ ^
| |
| +- function name (process/pid)
|
+------------ current stack use
7080 208 ovl_permission (bash/5721)
^ ^
| |
| +- stacking depth indicated by indentation
|
+------ stack increase from previous stacking level
You can try it on various setups (overlayfs being used as the lower
and/or upper level) and executing various filesystem operations.
Looks like "copy up" is the most stack hungry operation, it may be worth
trying to reduce its stack usage.
Thanks,
Miklos
---
global rec_level, stacks
probe
kernel.function("ovl_permission"),
kernel.function("ovl_getattr"),
kernel.function("ovl_dir_getattr"),
kernel.function("ovl_setattr"),
kernel.function("ovl_setxattr"),
kernel.function("ovl_listxattr"),
kernel.function("ovl_removexattr"),
kernel.function("ovl_dentry_open"),
kernel.function("ovl_lookup"),
kernel.function("ovl_mkdir"),
kernel.function("ovl_symlink"),
kernel.function("ovl_unlink"),
kernel.function("ovl_rmdir"),
kernel.function("ovl_rename"),
kernel.function("ovl_link"),
kernel.function("ovl_create"),
kernel.function("ovl_mknod"),
kernel.function("ovl_follow_link"),
kernel.function("ovl_put_link"),
kernel.function("ovl_readlink"),
kernel.function("ovl_dir_open"),
kernel.function("ovl_readdir"),
kernel.function("ovl_dir_llseek"),
kernel.function("ovl_dir_fsync"),
kernel.function("ovl_dir_release"),
kernel.function("ovl_dentry_release"),
kernel.function("ovl_put_super"),
kernel.function("ovl_statfs")
{
tid = tid();
i = rec_level[tid]++;
stack_rem = u_register("rbp") & 0x1fff;
stacks[tid, i] = stack_rem;
delta = i > 0 ? stacks[tid, i - 1] - stack_rem : 0;
printf("%4i %4i %-*s %s (%s/%i)\n", stack_rem, delta, i * 8, "", probefunc(), execname(), tid);
}
probe
kernel.function("ovl_permission").return,
kernel.function("ovl_getattr").return,
kernel.function("ovl_dir_getattr").return,
kernel.function("ovl_setattr").return,
kernel.function("ovl_setxattr").return,
kernel.function("ovl_listxattr").return,
kernel.function("ovl_removexattr").return,
kernel.function("ovl_dentry_open").return,
kernel.function("ovl_lookup").return,
kernel.function("ovl_mkdir").return,
kernel.function("ovl_symlink").return,
kernel.function("ovl_unlink").return,
kernel.function("ovl_rmdir").return,
kernel.function("ovl_rename").return,
kernel.function("ovl_link").return,
kernel.function("ovl_create").return,
kernel.function("ovl_mknod").return,
kernel.function("ovl_follow_link").return,
kernel.function("ovl_put_link").return,
kernel.function("ovl_readlink").return,
kernel.function("ovl_dir_open").return,
kernel.function("ovl_readdir").return,
kernel.function("ovl_dir_llseek").return,
kernel.function("ovl_dir_fsync").return,
kernel.function("ovl_dir_release").return,
kernel.function("ovl_dentry_release").return,
kernel.function("ovl_put_super").return,
kernel.function("ovl_statfs").return
{
rec_level[tid()]--;
}
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists